Created | 2024.10.07 10:33 | Machine | s1_win7_x6401 |
Filename | g.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
ZERO API | file : malicious |
VT API (file) | 30 detected (GotoHTTP, Artemis, Zusy, Unsafe, malicious, moderate confidence, RemoteAdmin, A potentially unsafe, Hacktool, CLOUD, lzrrv, MulDrop28, Generic Reputation PUA, STOP, susgen, GalbCJG8) |
md5 | 9c2aeb99843094262e5038fd152a7db1 |
sha256 | b1a74465a8c446d1b86d5984defdc18c9c06ad6107b7eb147f37df9b78cda104 |
ssdeep | 49152:P2oh8doKrZmeR5B1qf5LVohWStiOtg01HTulXG:wZmenaVohWSsOtg0wQ |
imphash | 4f4b4a6805c5b99531ec1a40e1069a26 |
impfuzzy | 192:DIFj/9sZLmNQQfoFzQ7RwJ9+WzyHZ4fSr7:DO79sZLs7RRoylr7 |
Signature (7cnts)
Level | Description |
---|---|
danger | File has been identified by 30 AntiVirus engines on VirusTotal as malicious |
watch | Installs itself for autorun at Windows startup |
notice | Creates a service |
notice | Foreign language identified in PE resource |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (8cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | ASPack_Zero | ASPack packed file | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (13cnts)
Suricata ids
PE API
IAT(Import Address Table) Library
WS2_32.dll
0x6105ac getservbyname
0x6105b0 ntohs
0x6105b4 gethostbyaddr
0x6105b8 ntohl
0x6105bc recvfrom
0x6105c0 WSASetLastError
0x6105c4 getservbyport
0x6105c8 WSAIoctl
0x6105cc send
0x6105d0 WSAGetLastError
0x6105d4 connect
0x6105d8 inet_ntoa
0x6105dc htons
0x6105e0 closesocket
0x6105e4 socket
0x6105e8 ioctlsocket
0x6105ec inet_addr
0x6105f0 htonl
0x6105f4 getsockname
0x6105f8 setsockopt
0x6105fc sendto
0x610600 bind
0x610604 gethostbyname
0x610608 listen
0x61060c accept
0x610610 select
0x610614 __WSAFDIsSet
0x610618 getpeername
0x61061c recv
0x610620 WSAStartup
KERNEL32.dll
0x610108 FindFirstFileW
0x61010c FindNextFileW
0x610110 RemoveDirectoryW
0x610114 FindClose
0x610118 DeleteFileW
0x61011c TerminateProcess
0x610120 WriteFile
0x610124 CreateFileA
0x610128 WaitNamedPipeA
0x61012c CreateNamedPipeA
0x610130 GetStartupInfoA
0x610134 GetOverlappedResult
0x610138 WaitForMultipleObjects
0x61013c ReadFile
0x610140 CreateEventW
0x610144 GlobalFree
0x610148 GlobalUnlock
0x61014c GlobalLock
0x610150 GlobalAlloc
0x610154 GetFileSize
0x610158 SetFileTime
0x61015c CreateFileW
0x610160 MoveFileW
0x610164 CreateDirectoryW
0x610168 SetEvent
0x61016c GlobalSize
0x610170 GetFileAttributesW
0x610174 GetTempPathA
0x610178 ResetEvent
0x61017c WaitForSingleObject
0x610180 TerminateThread
0x610184 SetThreadPriority
0x610188 CreateThread
0x61018c GetLocalTime
0x610190 OutputDebugStringA
0x610194 WideCharToMultiByte
0x610198 GetSystemTimeAsFileTime
0x61019c DeviceIoControl
0x6101a0 FindFirstFileA
0x6101a4 FindNextFileA
0x6101a8 GetDriveTypeW
0x6101ac QueryPerformanceCounter
0x6101b0 QueryPerformanceFrequency
0x6101b4 GetSystemInfo
0x6101b8 GetSystemDirectoryA
0x6101bc CreateToolhelp32Snapshot
0x6101c0 TryEnterCriticalSection
0x6101c4 InterlockedExchangeAdd
0x6101c8 InterlockedCompareExchange
0x6101cc TlsFree
0x6101d0 TlsSetValue
0x6101d4 TlsAlloc
0x6101d8 TlsGetValue
0x6101dc GetTimeZoneInformation
0x6101e0 GetStartupInfoW
0x6101e4 IsDebuggerPresent
0x6101e8 SetUnhandledExceptionFilter
0x6101ec UnhandledExceptionFilter
0x6101f0 GetDriveTypeA
0x6101f4 FileTimeToLocalFileTime
0x6101f8 FileTimeToSystemTime
0x6101fc VirtualQuery
0x610200 VirtualProtect
0x610204 HeapReAlloc
0x610208 ExitProcess
0x61020c RtlUnwind
0x610210 VirtualAlloc
0x610214 VirtualFree
0x610218 IsProcessorFeaturePresent
0x61021c HeapAlloc
0x610220 GetProcessHeap
0x610224 HeapFree
0x610228 GetACP
0x61022c GetOEMCP
0x610230 IsValidCodePage
0x610234 HeapCreate
0x610238 InterlockedExchange
0x61023c DeleteFileA
0x610240 OpenProcess
0x610244 HeapSize
0x610248 GetConsoleCP
0x61024c GetConsoleMode
0x610250 SetHandleCount
0x610254 GetFileType
0x610258 SetFilePointer
0x61025c GetFullPathNameA
0x610260 GetCurrentDirectoryA
0x610264 GetModuleHandleA
0x610268 FreeEnvironmentStringsW
0x61026c Process32FirstW
0x610270 Process32NextW
0x610274 LoadLibraryW
0x610278 ProcessIdToSessionId
0x61027c GetVersionExW
0x610280 CreateProcessA
0x610284 VerSetConditionMask
0x610288 VerifyVersionInfoW
0x61028c CreateFileMappingW
0x610290 GetProcAddress
0x610294 lstrcmpiW
0x610298 LoadLibraryExW
0x61029c FindResourceW
0x6102a0 LoadResource
0x6102a4 SizeofResource
0x6102a8 MultiByteToWideChar
0x6102ac FreeLibrary
0x6102b0 InitializeCriticalSection
0x6102b4 lstrlenW
0x6102b8 GetModuleFileNameW
0x6102bc GetModuleHandleW
0x6102c0 GetCPInfo
0x6102c4 UnmapViewOfFile
0x6102c8 MapViewOfFile
0x6102cc OpenFileMappingW
0x6102d0 GetTickCount
0x6102d4 GetCurrentProcessId
0x6102d8 GetModuleFileNameA
0x6102dc Sleep
0x6102e0 CreateMutexW
0x6102e4 CloseHandle
0x6102e8 GetLastError
0x6102ec InterlockedDecrement
0x6102f0 InterlockedIncrement
0x6102f4 GetCurrentProcess
0x6102f8 FlushInstructionCache
0x6102fc RaiseException
0x610300 GetCurrentThreadId
0x610304 SetLastError
0x610308 LeaveCriticalSection
0x61030c EnterCriticalSection
0x610310 DeleteCriticalSection
0x610314 InitializeCriticalSectionAndSpinCount
0x610318 GetEnvironmentStringsW
0x61031c GetCommandLineW
0x610320 LCMapStringA
0x610324 LCMapStringW
0x610328 FlushFileBuffers
0x61032c GetLocaleInfoA
0x610330 GetStringTypeA
0x610334 GetStringTypeW
0x610338 SetStdHandle
0x61033c WriteConsoleA
0x610340 GetConsoleOutputCP
0x610344 WriteConsoleW
0x610348 CompareStringA
0x61034c CompareStringW
0x610350 SetEnvironmentVariableA
0x610354 SetEndOfFile
0x610358 GetStdHandle
0x61035c LocalAlloc
0x610360 LoadLibraryA
USER32.dll
0x610394 EnumWindows
0x610398 WindowFromPoint
0x61039c UnregisterClassW
0x6103a0 RegisterClassW
0x6103a4 SendInput
0x6103a8 UnregisterHotKey
0x6103ac GetDesktopWindow
0x6103b0 SetLayeredWindowAttributes
0x6103b4 RegisterHotKey
0x6103b8 GetClipboardData
0x6103bc GetPriorityClipboardFormat
0x6103c0 GetClipboardSequenceNumber
0x6103c4 ExitWindowsEx
0x6103c8 OpenClipboard
0x6103cc EmptyClipboard
0x6103d0 SetClipboardData
0x6103d4 CloseClipboard
0x6103d8 GetThreadDesktop
0x6103dc FindWindowW
0x6103e0 GetDlgItemTextW
0x6103e4 GetDlgItemInt
0x6103e8 SetDlgItemTextW
0x6103ec SetDlgItemInt
0x6103f0 SendDlgItemMessageW
0x6103f4 SetScrollInfo
0x6103f8 ShowScrollBar
0x6103fc GetScrollInfo
0x610400 ClientToScreen
0x610404 DrawTextA
0x610408 FillRect
0x61040c EnableWindow
0x610410 SetScrollPos
0x610414 GetScrollRange
0x610418 GetScrollPos
0x61041c GetWindowThreadProcessId
0x610420 CallWindowProcW
0x610424 MonitorFromPoint
0x610428 CheckMenuItem
0x61042c EnumDisplaySettingsW
0x610430 EnableMenuItem
0x610434 DeleteMenu
0x610438 LoadMenuW
0x61043c DialogBoxParamW
0x610440 GetDlgCtrlID
0x610444 GetActiveWindow
0x610448 SetFocus
0x61044c GetCursorPos
0x610450 DrawTextW
0x610454 GetWindowTextLengthW
0x610458 GetKeyState
0x61045c CreatePopupMenu
0x610460 AppendMenuW
0x610464 TrackPopupMenu
0x610468 DestroyMenu
0x61046c SetCapture
0x610470 GetCapture
0x610474 PtInRect
0x610478 SetCursor
0x61047c ReleaseCapture
0x610480 SystemParametersInfoW
0x610484 ChangeDisplaySettingsW
0x610488 SetForegroundWindow
0x61048c IsWindow
0x610490 EndPaint
0x610494 BeginPaint
0x610498 DestroyIcon
0x61049c IsWindowVisible
0x6104a0 OffsetRect
0x6104a4 LoadIconW
0x6104a8 DrawIconEx
0x6104ac UnionRect
0x6104b0 mouse_event
0x6104b4 OpenInputDesktop
0x6104b8 IntersectRect
0x6104bc GetUserObjectInformationW
0x6104c0 MoveWindow
0x6104c4 EnumDisplayMonitors
0x6104c8 KillTimer
0x6104cc LoadImageW
0x6104d0 GetParent
0x6104d4 GetWindow
0x6104d8 GetWindowRect
0x6104dc GetWindowLongW
0x6104e0 MonitorFromWindow
0x6104e4 GetMonitorInfoW
0x6104e8 GetIconInfo
0x6104ec GetCursorInfo
0x6104f0 BlockInput
0x6104f4 GetSubMenu
0x6104f8 MapVirtualKeyW
0x6104fc MapWindowPoints
0x610500 SendMessageW
0x610504 SetTimer
0x610508 SetWindowTextW
0x61050c GetSystemMetrics
0x610510 IsDialogMessageW
0x610514 GetDC
0x610518 ReleaseDC
0x61051c CharNextW
0x610520 RegisterClassExW
0x610524 LoadCursorW
0x610528 GetClassInfoExW
0x61052c CreateWindowExW
0x610530 MessageBoxW
0x610534 DefWindowProcW
0x610538 PeekMessageW
0x61053c SetWindowLongW
0x610540 EndDialog
0x610544 DestroyWindow
0x610548 CreateDialogParamW
0x61054c LoadStringW
0x610550 LockWorkStation
0x610554 GetDlgItem
0x610558 GetDlgItemTextA
0x61055c GetClientRect
0x610560 SetWindowPos
0x610564 ShowWindow
0x610568 InvalidateRect
0x61056c UpdateWindow
0x610570 PostMessageW
0x610574 OpenDesktopW
0x610578 SetThreadDesktop
0x61057c CloseDesktop
0x610580 GetMessageW
0x610584 PostQuitMessage
0x610588 TranslateMessage
0x61058c DispatchMessageW
0x610590 PostThreadMessageW
0x610594 UnregisterClassA
0x610598 GetWindowTextW
GDI32.dll
0x610074 CreateDCW
0x610078 BitBlt
0x61007c RestoreDC
0x610080 GetPaletteEntries
0x610084 ExtSelectClipRgn
0x610088 CreateRectRgn
0x61008c StretchBlt
0x610090 CreateCompatibleDC
0x610094 CreateDIBSection
0x610098 SetStretchBltMode
0x61009c GetObjectW
0x6100a0 GetDIBits
0x6100a4 GetTextExtentExPointW
0x6100a8 CreateHatchBrush
0x6100ac CreateFontW
0x6100b0 ExtTextOutW
0x6100b4 RoundRect
0x6100b8 Polygon
0x6100bc Ellipse
0x6100c0 ExcludeClipRect
0x6100c4 SelectClipRgn
0x6100c8 SetViewportOrgEx
0x6100cc SetBkColor
0x6100d0 CreatePen
0x6100d4 GetStockObject
0x6100d8 GetDeviceCaps
0x6100dc DeleteObject
0x6100e0 CreateSolidBrush
0x6100e4 Rectangle
0x6100e8 SelectObject
0x6100ec DeleteDC
0x6100f0 PatBlt
0x6100f4 SetTextColor
0x6100f8 SaveDC
0x6100fc TextOutW
0x610100 SetBkMode
ADVAPI32.dll
0x610000 LookupPrivilegeValueW
0x610004 AdjustTokenPrivileges
0x610008 OpenProcessToken
0x61000c DuplicateTokenEx
0x610010 SetTokenInformation
0x610014 CreateProcessAsUserW
0x610018 StartServiceCtrlDispatcherW
0x61001c RegisterServiceCtrlHandlerW
0x610020 SetServiceStatus
0x610024 DeleteService
0x610028 CreateServiceW
0x61002c OpenServiceW
0x610030 StartServiceW
0x610034 ControlService
0x610038 ChangeServiceConfig2W
0x61003c OpenSCManagerW
0x610040 CloseServiceHandle
0x610044 RegQueryValueExW
0x610048 GetUserNameW
0x61004c RegQueryInfoKeyW
0x610050 RegSetValueExW
0x610054 RegEnumKeyExW
0x610058 RegOpenKeyExW
0x61005c RegCreateKeyExW
0x610060 RegCloseKey
0x610064 RegDeleteValueW
0x610068 RegDeleteKeyW
0x61006c CreateProcessAsUserA
SHELL32.dll
0x610378 SHGetFolderPathW
0x61037c DragFinish
0x610380 Shell_NotifyIconW
0x610384 DragAcceptFiles
0x610388 ShellExecuteA
0x61038c DragQueryFileW
ole32.dll
0x610628 CoTaskMemFree
0x61062c CoTaskMemAlloc
0x610630 CoTaskMemRealloc
0x610634 CoInitializeEx
0x610638 CoUninitialize
0x61063c PropVariantClear
0x610640 CoCreateInstance
OLEAUT32.dll
0x610368 VariantClear
0x61036c VarUI4FromStr
0x610370 VariantInit
USERENV.dll
0x6105a0 DestroyEnvironmentBlock
0x6105a4 CreateEnvironmentBlock
EAT(Export Address Table) is none